Report: All Is Relatively Secure In The Cloud

One of the biggest silver linings surrounding cloud computing of late has been its exponential growth. Spending on cloud services is forecast to grow 18.5 percent to $131 billion worldwide this year, according to Gartner.

But with this expansion comes the obvious question: Is it secure?

Alert Logic, a cloud security vendor, released its new State of Cloud Security report, which should assuage fears. The report found that nearly half -- 49 percent -- of enterprise environments in the study experienced verified malware/botnet activity, compared to just five percent of cloud hosting provider environments.

Security Bistro spoke to Stephen Coty, director of security research with Alert Logic, who said it appears the nature of the attacks has created this dichotomy.

"Threats for cloud hosting customers are more opportunistic in nature, unlike the more targeted attacks on enterprises. As a result, we see less use of the tools typically used in targeted attacks, such as malware, and lower frequency," he said. "We observed attackers try to find a vulnerability and move on when they don't rather than repeat their attacks."

In fact, the frequency of attacks experienced by enterprise data centers was higher across the board -- incidents of reconnaissance attacks were nearly 10 times greater, while data center environments experienced malware/botnet attacks nearly three times more frequently than the cloud, according to the report.

Cloud hosting provider environments also typically face a narrower range of threats. The study found that customers using enterprise data center environments experienced an average of 2.5 types of incidents, while those using cloud hosting provider environments experienced an average of 1.8 incident types.

Coty said that as cloud use inevitably increases, particularly for more valuable data and assets, this may change. But for now, there is a misconception out there that the cloud is more exposed to risk. In his experience, reality should outweigh these fears.

"The misconception is probably based on the fact that a multitenant architecture will always raise fears of data compromise. What many don’t appreciate is that cloud providers are very good at managing their architecture correctly to prevent that," he said. "We're seeing a broad range of security products becoming available for cloud infrastructure, so the misperception is fading."

The report found that the enterprise, with its more complex infrastructure and higher-value information, is more likely to be subjected to sophisticated, targeted attacks, such as malware. Coty told Security Bistro that this impacted the types of industry that were the most vulnerable.

With 76 percent of Alert Logic's energy sector clients dealing with malware attacks in their enterprise data centers, according to the report, utilities and other critical infrastructure should be concerned.

"The most targeted industry we observed was the energy sector; specifically, this industry experienced more targeted malware attacks than any other we observed. Firms in this industry often have extremely valuable data, such as geologic data, which makes them an attractive target. We also saw high rates of targeted malware attacks in the financial services industry, again because of the high value of its data," he added.

Coty has some advice for enterprises looking to keep risk low, starting with a solid response plan should a threat or breach be identified and ending with an active defense such as a web application firewall. In between, common sense rules.

"First, focus on good management of infrastructure to close off vulnerabilities. Patching and configuration management can prevent many problems, and regular vulnerability scanning can identify issues that need to be addressed," he said. "It is also critical to monitor security data, such as network traffic and logs, among others. There are many good detection technologies, however, unless the data is analyzed and correlated, they will not reveal much."

Awareness of web application attacks, which are common in all environments, is also key, he added.

For their State of Cloud Security report, Alert Logic observed more than one billion security events and verified more than 45,000 security incidents as valid threats during a six-month period. The report evaluated three vectors of analysis - incident occurrence, incident frequency and threat diversity - across six security incident categories: malware, web application attacks, reconnaissance, vulnerability scan, brute force and application attacks.